Fix isomorphism between of_seed/of_string and awa_gen_key (#40)

* Fix isomorphism between of_seed/of_string and awa_gen_key Co-authored-by: Hannes Mehnert <[email protected]>
mirage · Nov 25, 2021 · 5afcb11 · 5afcb11
1 parent 1ac4328
commit 5afcb11
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 24 deletions.
diff --git a/awa.opam b/awa.opam
@@ -22,7 +22,7 @@ depends: [
   "mirage-crypto-rng"
   "mirage-crypto-pk"
   "mirage-crypto-ec" {>= "0.10.0"}
-  "x509" {>= "0.12.0"}
+  "x509" {>= "0.15.2"}
   "cstruct" {>= "6.0.0"}
   "cstruct-unix"
   "cstruct-sexp"

diff --git a/lib/keys.ml b/lib/keys.ml
@@ -72,35 +72,31 @@ let authenticator_of_string str =
       | Error (`Msg msg) ->
         Error (str ^ " is invalid or unsupported authenticator, b64 failed: " ^ msg)
 
-let of_seed typ seed =
-  let g =
-    let seed = Cstruct.of_string seed in
-    Mirage_crypto_rng.(create ~seed (module Fortuna))
-  in
-  match typ with
-  | `Rsa ->
-    let key = Mirage_crypto_pk.Rsa.generate ~g ~bits:2048 () in
-    let public = Mirage_crypto_pk.Rsa.pub_of_priv key in
-    let pubkey = Wire.blob_of_pubkey (Hostkey.Rsa_pub public) in
+let of_seed ?bits typ seed =
+  let typ = match typ with `Rsa -> `RSA | `Ed25519 -> `ED25519 in
+  match X509.Private_key.generate ~seed:(Cstruct.of_string seed) ?bits typ with
+  | `RSA k ->
+    let pub = Mirage_crypto_pk.Rsa.pub_of_priv k in
+    let pubkey = Wire.blob_of_pubkey (Hostkey.Rsa_pub pub) in
     Log.info (fun m -> m "using ssh-rsa %s"
                  (Cstruct.to_string pubkey |> Base64.encode_string));
-    Hostkey.Rsa_priv key
-  | `Ed25519 ->
-    let priv, pub = Mirage_crypto_ec.Ed25519.generate ~g () in
+    Hostkey.Rsa_priv k
+  | `ED25519 k ->
+    let pub = Mirage_crypto_ec.Ed25519.pub_of_priv k in
     let pubkey = Wire.blob_of_pubkey (Hostkey.Ed25519_pub pub) in
     Log.info (fun m -> m "using ssh-ed25519 %s"
                  (Cstruct.to_string pubkey |> Base64.encode_string));
-    Hostkey.Ed25519_priv priv
+    Hostkey.Ed25519_priv k
+  | _ -> assert false (* XXX(dinosaure): should never occur, may be a GADT is needed here! *)
 
 let of_string str =
   match String.split_on_char ':' str with
   | [ typ; data; ] ->
-    ( match typ_of_string typ, Base64.decode data with
-    | Ok `Rsa, Ok seed -> Ok (of_seed `Rsa seed)
-    | Ok `Ed25519, Ok key ->
-      ( match Mirage_crypto_ec.Ed25519.priv_of_cstruct (Cstruct.of_string key) with
-      | Ok key -> Ok (Hostkey.Ed25519_priv key)
-      | Error err -> Error (`Msg (Fmt.str "%a" Mirage_crypto_ec.pp_error err)) )
-    | Error _, _ -> Error (`Msg "Invalid type of SSH key")
-    | _, Error _ -> Error (`Msg "Invalid b64 key seed") )
-  | _ -> Error (`Msg "Invalid SSH key format (type:b64-seed)")
+    let* typ = Result.map_error (fun m -> `Msg m) (typ_of_string typ) in
+    let typ = match typ with `Rsa -> `RSA | `Ed25519 -> `ED25519 in
+    let* res = X509.Private_key.of_string typ data in
+    (match res with
+     | `RSA k -> Ok (Hostkey.Rsa_priv k)
+     | `ED25519 k -> Ok (Hostkey.Ed25519_priv k)
+     | _ -> assert false)
+  | _ -> Error (`Msg "Invalid SSH key format (type:key)")